FAQs - Electronic money institutions

Vai alla versione italiana Site Search

Business scope and applicable provisions

What is 'electronic money' (e-money)?

'Electronic money' means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions and which is accepted by a natural or legal person other than the electronic money issuer (see Article 2 of Directive (EC) 110/2009, a.k.a. EMD2).

How can EMIs engage in other business activities, in addition to issuing electronic money and providing payment services?

EMIs engaging in other business activities, also known as hybrid EMIs, must set up a single dedicated capital fund for the issuance of e-money, for the provision of payment services and for the related ancillary services. The provisions of Article 114-terdecies of the TUB apply to this capital fund, including with regard to the issuance of e-money.

What is the supervisory regime for EMIs?

EMIs are subject to a prudential supervisory regime aimed at ensuring sound and prudent management, while keeping the payment system functioning, reliable and efficient, and protecting users.

The Bank of Italy performs its supervisory duties with due regard for the business aspects of the supervised entities, which set their strategies, organizational models and investment policies independently in compliance with the prudential regulatory framework.

In its supervisory role, the Bank of Italy carries out analyses and takes measures designed to promptly detect any signs of anomalies in the intermediaries' technical and organizational arrangements, and urges them to take the necessary corrective measures. It performs both off-site inspections - by collecting, processing and systematically analysing a comprehensive set of statistical, accounting and administrative data - and on-site inspections to confirm the quality and accuracy of the data provided by intermediaries and to have a better understanding of their organization and management. On-site inspections are tailored to reflect the characteristics, size and complexity of each intermediary and focus on material risks, corporate governance and internal controls.

These checks cover all operations and evaluate the solidity of organizational structures, the quality of risk management and control, the adequacy of capital to cover losses, and transparency and fairness vis-à-vis customers.

Licensing

Is there an application form?

No, there is no standard application form. The Supervisory Provisions for Payment and Electronic Money Institutions specify all the documents to be attached and provide templates for business plans and organizational structure reports.

What documents should I attach to my application?

The information and documents to be attached to licensing applications are set out in the Supervisory Provisions for Payment and Electronic Money Institutions and are, as a general rule, the following:

  1. memorandum and articles of association;
  2. business plan and organizational structure report;
  3. a list of direct and indirect participants in the capital, indicating the shares held; for indirect shareholdings, the entity through which the interest is held;
  4. evidence that the direct and indirect qualified shareholders meet the relevant requirements;
  5. an organizational chart of the group of belonging;
  6. proof of payment of the minimum capital required by the applicable provisions, issued by the head office of the bank where the payment was made;
  7. information on the origin of the money used to pay capital contributions;
  8. fit and proper certificates for the members of the management body, including with reference to the interlocking rules laid down in Decree Law 201/2011;
  9. proof that one or more measures were taken to protect the funds of payment service users;
  10. for providers of payment initiation services (PISs) and/or account information services (AISs), as laid down in Article 1(2), h-septies.1) of the TUB, proof that they have taken out a professional indemnity insurance policy or comparable guarantee for damages caused while providing these services, as well as evidence that the policy amount was calculated following the EBA Guidelines (EBA/GL/2017/08).

Depending on their situation and business model, intermediaries may be required to produce additional documentation to support the preliminary assessments (e.g. an expert analysis for any contributions in kind).

The documents referred to in points (d), (g) and (h) must be no older than six months before the date on which the licensing application was submitted.

What should the corporate purpose clause in the articles of association indicate?

Since the licence to issue and distribute electronic money also includes the authorization to provide all payment services, the corporate purpose clause must mention the issuing of electronic money and include a reference, even a generic one, to the provision of payment services. The clause should not contain any reference to financial services which the EMI does not provide or intend to provide in the time frame specified in the business plan.

The EMI shall provide the payment services indicated in the business plan.

How does the Bank of Italy assess the ownership structure of an EMI?

When assessing licensing applications from newly-incorporated entities, the Bank of Italy pays particular attention to the financial soundness and the quality of shareholders, to make sure that the entity is able to manage start-up risks and, in the event of a crisis, to minimize the costs associated with value destruction.

For this purpose, the Bank of Italy assesses the quality of the qualified shareholders (i.e. investors that hold at least 10 per cent of shares or voting rights or can exercise a significant influence over the intermediary) and the financial soundness of the business plan, based on the following criteria: the good repute, integrity, fairness, professionalism and expertise of those who, as a result of acquiring qualifying holdings, perform administrative and managerial functions in the EMI; the financial soundness of the qualified shareholders; the EMI's ability to comply with the provisions governing its business following the acquisition of a qualifying holding; the suitability of the group structure of the qualified shareholders for the purposes of effective supervision; the lack of grounds to suspect that the acquisition is associated with money laundering or terrorist financing. These assessments are carried out in line with the provisions of Article 19 of the TUB and the Bank of Italy Measure of 22 July 2022.

The assessments of ownership structures do not give rise to separate decisions on qualifying holdings, nor do they follow the procedures laid down in the relevant legislation, but they feed into the preliminary assessments for licensing applications. 

They are carried out on the basis of the information and documents submitted in accordance with the Bank of Italy Measure of 26 October 2021.

How does the Bank of Italy assess the governance structure of an EMI?

The Bank of Italy assesses an EMI's governance structure to verify its risk management capabilities, its consistency with the prospective business scope and size, and its transparency in the allocation of tasks among corporate bodies and in investor relations.

In addition, the Bank of Italy conducts fit and proper (F&P) assessments on the members of the management body in administrative, management and auditing functions, which is key to ensure sound and prudent management. To meet the F&P requirements, they must be professional, trustworthy, independent, competent and honest.

F&P assessment rules are laid down in Article 26 of the TUB and in Ministerial Decree 169/2020.

Intermediaries are responsible for identifying fit and proper members of the management body and must ensure that the appointees meet the F&P requirements and criteria throughout their term of office.

The members of the management body must also comply with the interlocking rules laid down in Decree Law 201/2011.

What should a business plan include?

The content of business plans is set out in the Supervisory Provisions for Payment and Electronic Money Institutions. When drawing up the business plan for an intermediary, directors must take into account its operations, size and organization, as well as the specific nature of its business (proportionality principle). Business plans must include at least the following:

  • a description of the prospective business lines;
  • a technical feasibility and capital adequacy forecast report;
  • an organizational structure report;
  • a description of the payment services, of the electronic money issuing activities, and of the measures taken to protect customers' funds. With specific reference to payment services, only those which the EMI intends to provide during the start-up phase should be described; if the intermediary intends to provide other services after obtaining a licence, it must send a specific notification to the Bank of Italy.

How are customers' funds protected?

Under the TUB, the sums received by an EMI for the issuance of e-money and for the provision of payment services listed in points 1 to 6 of Article 1(2), h-septies.1) of the TUB must be invested as set out in the Supervisory Provisions for Payment and Electronic Money Institutions. These sums constitute, for all intents and purposes, a separate capital fund from that of the EMI and no claims upon that capital may be made by or on behalf of the EMI's creditors, or by the creditors of the entity with which the money is deposited, if any.

EMIs must keep and store accounting records of the following:

  • separately, for each customer, the money received for the issuance of e-money and for the provision of payment services;
  • the assets in which the sums received have been invested.

These records must specify the banks where customers' funds are deposited and any custodians of the financial assets in which customers' money is invested, as well as the entities authorized to operate these accounts. The records must be updated on an ongoing basis and are regularly reconciled with the account statements provided by the custodians.

How does the Bank of Italy assess business plans?

The Bank of Italy assesses business plans for: a) their current and future sustainability, taking into account the required start-up investment and prospective business volumes; b) compliance with all capital and liquidity requirements since inception and throughout the forecast period.

The Bank of Italy may require shareholders to commit to providing financial support to the company if necessary for the development of its activities or in the event of difficulties.

What should the organizational structure report include?

The organizational structure report, to be drawn up in accordance with the template set out in the Supervisory Provisions for Payment and Electronic Money Institutions, must include at least:

  • the composition, role and functioning of corporate bodies;
  • the composition and role of the individual committees, if any;
  • an organizational chart indicating the number of resources allocated to each unit.

The documentation on internal controls and risk management to be submitted must specify, for each control function:

  • the roles, responsibilities and reporting lines;
  • the responsibilities of the function heads;
  • the number of staff allocated to each unit.

The organization and internal control systems are assessed to ensure they are effective and consistent with the intermediary's operational complexity and size.

With reference to the IT system and the business continuity plan, applicants are required to outline their backup and disaster recovery systems. They must also provide the name, job description, responsibilities and professional competences of their IT manager.

The IT system must ensure that the intermediary can operate properly and carry out its regular supervisory reporting. Specifically, the IT system must ensure that:

  • the EMI is able to monitor and manage IT security incidents;
  • all pending transactions are carried out, in the event that payment services are no longer provided;
  • access to customers' sensitive payment data is restricted and continuously monitored.

Where corporate functions (processes, services or operations) are outsourced, applicants must submit evidence that these arrangements will not prevent the intermediary from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision. For further details, please refer to the specific FAQ.

What information should be provided when corporate functions are outsourced?

EMIs can outsource corporate functions (processes, services or operations), including core functions, provided that these arrangements do not prevent the EMI from complying with legal requirements, affect customer relationships, reduce the quality of the internal control system or hinder internal supervision.

Supervisory provisions require intermediaries to adopt specific corporate policies to ensure that the outsourced functions are performed properly, the internal control system works smoothly and external providers' operations are regularly monitored. Furthermore, they specify the obligations of EMIs outsourcing operational functions relating to payment services, the issuance of electronic money or other core functions.

EMIs outsourcing any corporate functions are required to include the following information, in accordance with the EBA/GL/2019/02 Guidelines:

  • a brief description of the outsourced operations;
  • the names of external providers, together with a board of directors assessment - for core operations only - of their suitability, both in qualitative and quantitative terms, also considering any other outsourcing contracts they may have with other intermediaries;
  • the corporate outsourcing policy document setting out the following basic information, in line with the principle of proportionality: i) the decision-making process for outsourcing corporate functions; ii) the basic content of outsourcing contracts and the expected service levels for outsourced operations; iii) how outsourced functions are monitored; iv) internal information flows intended to ensure the full understanding and governance of the risk factors associated with the outsourced functions; v) contingency plans for providers' failure to perform outsourced operations properly;
  • a summary of the outsourcing contract for core operations specifying the parties' main rights and obligations; the expected service levels, in objective and measurable terms, and the service performance metrics; any conflicts of interest and their mitigation measures; the contract duration and renewal terms, as well as the mutual obligation provisions for contract termination;
  • a description of the measures taken, including organizational measures, to ensure ongoing monitoring of outsourced operations. EMIs should also specify the internal resources designated as outsourcing managers, whose professional profiles should be in line with this position.                  

EMIs outsourcing corporate functions are required to oversee the risks arising from outsourcing decisions, keep control of and remain responsible for outsourced operations, and retain the technical and management skills required to backsource them. It is understood that corporate boards and the heads of the outsourced functions will remain responsible for the overall performance of the outsourced operations.

During the licensing procedure, can the Bank of Italy carry out specific checks on applicants?

The Bank of Italy may order an assessment of the overall viability of an applicant's corporate structure and check the existence and amount of its capital. To this end, the Bank of Italy may order the applicant to give access to its inspectors or request a third party appraisal. Depending on the type of activity carried out by the applicant, the Bank may indicate additional matters to be assessed and recorded in the report.

May existing companies apply for registration in the EMI register?

Existing companies wishing to issue e-money must adopt a resolution to change their corporate purpose and make all other necessary changes to the articles of association. The licensing application must be submitted after the resolution to change the articles of association is approved and before this change is recorded in the Italian Business Register.

Under what conditions does an EMI's licence lapse?

A EMI's licence shall lapse if:

  • the EMI expressly renounces it within 12 months of its issue;
  • the EMI has not commenced operations within 12 months of the licence issue;

A limited extension for starting operations, normally not exceeding six months, may be granted for cause if the EMI submits a specific request before the one-year time limit expires.

As soon as the licence lapses, the Bank of Italy removes the EMI from the relevant register. The company must then change its corporate purpose.

Under what conditions can an EMI's licence be withdrawn?

Without prejudice to the cases of licence withdrawal permitted by law, the Bank of Italy shall revoke the licence of a EMI and remove it from the register if it finds that the EMI no longer fulfils the requirements or has not engaged in the licensed activity for a continuous period of over six months.

Licences may be revoked in accordance with the procedures laid down in Article 113-ter of the TUB when there are sums of money from customers still recorded in payment accounts or received against electronic money issued, funds received from payment service users which are still to be settled or subject to the safeguarding requirements laid down by the relevant provisions, as well as assets arising from the granting of financing.

After a licence is revoked, the EMI must amend its corporate purpose or file for liquidation.

PI and AI services

What exemptions are there for EMIs providing payment initiation services (PISs) and/or account information services (AISs)?

The following shall not apply to EMIs providing PISs and/or AISs:

  • the rules on the protection of customers' funds;
  • prudential rules.

Which professional indemnity insurance (or comparable guarantee) must an EMI take out to provide payment initiation services (PISs) and/or account information services (AISs)?

EMs wishing to provide PISs and/or AISs must submit evidence that they are covered by a professional indemnity insurance policy (or comparable guarantee) for any damages they may cause while providing these services. The main specifications of these insurance policies are set out in the EBA Guidelines EBA/GL/2017/08. The policy coverage must expressly include the risks mentioned in Guideline 1.2(a), (b) and (c).

In addition to the policy documentation, evidence must also be submitted that the  insurance premium was claculated in  compliance with the EBA Guidelines (EBA/GL/2017/08), i.e. using the tool provided by the EBA to calculate the minimum policy amount, and entering the company's estimates (in line with the business plan).

Whom should I contact to obtain an eIDAS certificate?

In the area of open banking, third-party providers (TPPs, i.e. third parties authorized to provide payment initiation and/or account information services) need this certificate to confirm their identity and log in to the user platforms made available by the operators with which the accounts are held. You can get an eIDAS certificate from a Qualified Trust Service Provider (QTSP).

Are EMIs providing account information services (AISs) allowed to share data with fourth parties?

Based on the clarifications provided by the EBA (in the EBA's Q&As), an EMI may share PSD2/Open Banking information with 'fourth parties' (i.e. companies which, even if not specifically authorized to provide AISs, seek to use the EMI's customer data to provide value-added services), provided they inform the account holder and obtain their consent.

What should payment service providers holding payment accounts that are accessible online do to allow third-party providers (TPPs) to conduct their business?

These payment service providers must allow third-party providers (TPPs) to conduct their business by giving them access to the necessary information. They can do so by adapting the existing customer interfaces or by setting up a dedicated online interface. In the latter case, Commission Delegated Regulation (EU) 2018/389 provides that third parties must be granted access to the payment accounts, including through a contingency (or fallback) mechanism to be used in the event that the dedicated interface is unavailable or performs inadequately.

The Bank of Italy may exempt payment service providers with payment accounts accessible online from the obligation to set up a fallback interface under certain conditions described in the Regulation. To this end, a special application must be submitted - including during the licensing phase - by following the instructions published on our website.